The White House Office of Management and Budget has released guidance establishing common standards and practices for how federal agencies manage data breaches. The Data Breach Memorandum sets out a risk-based framework for evaluating data breaches and requires each agency to develop a data breach response plan. Not all breaches will trigger individual notification under the guidance. The new guidance comes four months after a House Government and Oversight Committee report criticized the Office of Personnel Management about the 2015 data breaches that compromised the records of 22 million federal employees and family members. EPIC testified in 2009 and 2011 in support of strong data breach notification laws, filed comments with the Office of Personal Management recommending limits on data collection, and has urged the Supreme Court to recognize a right of "information privacy" that would limit the ability of the federal government to collect personal information.
The Senate Armed Services Committee will hold a hearing on "Foreign Cyber Threats to the United States" on January 5, 2016. EPIC submitted a statement to the Committee to alert Senators about a pending Freedom of Information Act request. The EPIC FOIA request concerns the lax response of the FBI to the Russian interference with the 2016 Presidential election. EPIC wrote “we believe that the information that we are seeking from the FBI will also be helpful to the Senate Armed Services Committee as you investigate foreign cyber threats to the United States.”“Director of National Intelligence James Clapper, National Security Agency and Cyber Command Chief Adm. Mike Rogers and Undersecretary of Defense for Intelligence Marcel Lettre are scheduled to testify.
President Obama has sanctioned the Russian government for interference with the 2016 Presidential election. Obama stated, "These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior." Throughout this year, EPIC pursued a campaign in support of data protection, contending that it was "the most important, least well understood issue" of the 2016 election. EPIC specifically warned that online voting systems were vulnerable to cyber attack. EPIC recently filed an expedited FOIA request with the FBI, seeking to determine why the agency was slow to respond to the attack on US democratic institutions by a foreign government.
